[dm-crypt] The future of disk encryption with LUKS2

Milan Broz gmazyland at gmail.com
Mon Feb 8 22:51:25 CET 2016


On 02/03/2016 03:17 PM, Milan Broz wrote:

>> Will any of the materials used in the presentation be posted online
>> somewhere for the rest of us to see?

Slides are here, but it is really just an overview talk
https://mbroz.fedorapeople.org/talks/DevConf2016/devconf2016-luks2.pdf
(The talk name was a kind of joke because the conference hashtag is #definefuture:)

TL;DR: we have to provide an extensible interface for different keyslot types.

[Just a note to the already crazy discussion here - there will be NO LUKS header
at the end of the device. Been there with another storage project and
just no - it is not worth the problems it causes.]

[And a second note - wiping of encrypted keyslot data is, with current
storage devices, impossible to do reliably.]

Anyway, the first goal here is to just redefine the current on-disk format
to allow keyslot extensions. All possible changes in algorithms can
follow because it becomes "easily" configurable.

Milan
p.s.
There are also live stream recordings on YouTube.

But better than watching our LUKS2 overview talk, see the follow-up talk
  "New Cryptography for Binding Data to Third Parties" 
https://www.youtube.com/watch?v=Ixo8iOpQsNQ
(Note you need to switch camera in the stream; there are no official recording
videos yet, this is a recording of a live stream from multiple rooms.)

My intention with LUKS2 is to provide an interface for this but
keep responsibility for these protocols in separate projects.

